Hi all,
I just installed my first mikrotik RouterBOARD 1100AHx2. All routing works fine, but I face problems with the L2TP/IPSec VPN connection. From direct outside the RB it works, but from outside, via the internet, I can't connect.
The setup is rather simple ( https://dl.dropboxusercontent.com/u/12926517/Layout.jpg )
the network is connected to the internet via a standard Cisco EPC3925 modem/router (from the cable company).
Under that the RB (1), and behind that the whole network.
When I put the microtik RB in the dmz (or redirect all the needed ports) i do not get a VPN connection, the client that connects via the internet just times out and there is no single sign in the RB logging.
My windows 7 (64bit) test client (2) is directly connected under the Cisco network, so NOT under the RB.
With this client I can create a windows client VPN and everything works fine.
Of course that would point to a bad port forwarding, but when I use a simple test utility ( http://www.hw-group.com/products/hercules/index_en.html )
I let the Cisco DMZ point to my windows laptop (2), who is then running the Hercules test server software. Without problems I can reach the Hercules test server from any other place on the internet. (no VPN involved here, just plain server). Also when I use port forwarding for the tested ports to this laptop (instead of DMZ) , everything works fine.
So why does an internal VPN work, but an internet VPN not?
Can anybody give me a hint?
the ports I opened for forwarding VPN/L2TP are here below. I also tried by putting the whole RB in the DMZ and that also didn't work:
L2TP traffic - UDP 1701
Internet Key Exchange (IKE/negotiation) - UDP 500
IPSec Network Address Translation (NAT-T) - UDP 4500
Encapsulated Security Protocol (ESP) - TCP 50
Authentication Header (AH) - TCP 51
-
-
GeneralFailure
just joined
- Posts: 10
- Joined:
- Location: Netherlands
Re: vpn intern OK, over internet not OK
Hi thereHi there,
Are you able to connect to the internet from inside the mikrotik? For example ping 8.8.8.8?
Might be that your mikrotik is not configured to access the internet or you might have firewall rules in place?
Are you able to connect to the internet from inside the mikrotik? For example ping 8.8.8.8?
Might be that your mikrotik is not configured to access the internet or you might have firewall rules in place?
-
-
GeneralFailure
just joined
- Posts: 10
- Joined:
- Location: Netherlands
Re: vpn intern OK, over internet not OK
internet from inside mikrotik is fine, ping gives normal results. I type this reply from inside the mikrotik lan.
Attached you can find the complete script the network setup is straightforward, and everything works, except the external vpn
Attached you can find the complete script the network setup is straightforward, and everything works, except the external vpn
You do not have the required permissions to view the files attached to this post.